From a032972e28060ca4f5644acffae3dfc268cc09db Mon Sep 17 00:00:00 2001
From: Paul Tyng <paul@paultyng.net>
Date: Wed, 11 Oct 2017 13:22:33 -0400
Subject: [PATCH] internal: Add .auth0.com to broken domains

Auth0 does not support `client_id` in basic auth
**without** a `client_secret` but they do support
one or both in the body.

Auth0 also uses account specific subdomains, so
needs to be in the domain suffix broken handling.

Change-Id: I06abec5c228c746b8b90758f452016eeb67f3e98
Reviewed-on: https://go-review.googlesource.com/70010
Reviewed-by: K.J. Valencik <kjvalencik@gmail.com>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
---
 internal/token.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/internal/token.go b/internal/token.go
index 881fbef..e7d078f 100644
--- a/internal/token.go
+++ b/internal/token.go
@@ -128,6 +128,7 @@ var brokenAuthHeaderProviders = []string{
 
 // brokenAuthHeaderDomains lists broken providers that issue dynamic endpoints.
 var brokenAuthHeaderDomains = []string{
+	".auth0.com",
 	".force.com",
 	".myshopify.com",
 	".okta.com",